[xmlsec] Is certificate needed when signing?
wz qiang
weizhongqiang at gmail.com
Mon Jul 7 07:51:10 PDT 2008
Hello,
In http://www.aleksey.com/xmlsec/api/xmlsec-examples-sign-x509.html
Before siging a node,
/* load private key, assuming that there is not password */
dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file,
xmlSecKeyDataFormatPem, NULL, NULL, NULL);
if(dsigCtx->signKey == NULL) {
fprintf(stderr,"Error: failed to load private pem key from
\"%s\"\n", key_file);
goto done;
}
/* load certificate and add to the key */
if(xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, cert_file,
xmlSecKeyDataFormatPem) < 0) {
fprintf(stderr,"Error: failed to load pem certificate
\"%s\"\n", cert_file);
goto done;
}
I wonder whether the second step (load certificate) is needed for signing?
In principle, private key is enough, right? I also test with loading
certificate and without loading certificate, both signature can be verified.
Appretiate in advance
Weizhong
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20080707/2a57a215/attachment-0002.htm
More information about the xmlsec
mailing list